bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95496ce2161300fbda9d2d90fd0320cc12e5958b
crewli/api/tests/Feature/Invitation/InvitationTest.php
bert.hausmans 65978104d8 feat: complete email infrastructure with queue, templates, logging, and API 
Adds the full transactional email system:
- Redis queue (QUEUE_CONNECTION=redis), SES config in .env.example
- 3 migrations: organisation_email_settings, organisation_email_templates, email_logs
- EmailTemplateType and EmailLogStatus enums with Dutch defaults
- EmailService as central entry point for all email sending
- SendTransactionalEmail queued job with retries and idempotency
- TransactionalMail mailable with responsive HTML + plain text templates
- Organisation-level branding (colors, logo, footer, reply-to)
- Per-type template overrides with {variable} substitution
- Email log with filtering by status, type, date range, recipient
- Preview and send-test endpoints for template management
- API endpoints: email-settings, email-templates (CRUD), email-logs (read-only)
- Integrated into existing flows: invitations, password reset, email
  verification, registration approval/rejection
- 37 new tests across 4 test files, all existing tests updated

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 20:12:21 +02:00

298 lines
9.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Feature\Invitation;
use App\Enums\EmailTemplateType;
use App\Jobs\SendTransactionalEmail;
use App\Models\Organisation;
use App\Models\User;
use App\Models\UserInvitation;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Queue;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class InvitationTest extends TestCase
{
use RefreshDatabase;
private Organisation $org;
private User $orgAdmin;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->org = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->org->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
}
// --- INVITE ---
public function test_org_admin_can_invite_user(): void
{
Queue::fake();
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'newuser@test.nl',
'role' => 'org_member',
]);
$response->assertCreated();
$this->assertDatabaseHas('user_invitations', [
'email' => 'newuser@test.nl',
'organisation_id' => $this->org->id,
'status' => 'pending',
]);
Queue::assertPushed(SendTransactionalEmail::class, function ($job) {
return $job->recipientEmail === 'newuser@test.nl'
&& $job->type === EmailTemplateType::INVITATION;
});
}
public function test_org_member_cannot_invite_user(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($member);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'newuser@test.nl',
'role' => 'org_member',
]);
$response->assertForbidden();
}
public function test_invite_duplicate_email_returns_422(): void
{
Mail::fake();
Sanctum::actingAs($this->orgAdmin);
UserInvitation::factory()->create([
'email' => 'existing@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'existing@test.nl',
'role' => 'org_member',
]);
$response->assertUnprocessable();
}
public function test_invite_existing_member_returns_422(): void
{
Mail::fake();
$existingUser = User::factory()->create(['email' => 'member@test.nl']);
$this->org->users()->attach($existingUser, ['role' => 'org_member']);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'member@test.nl',
'role' => 'org_member',
]);
$response->assertUnprocessable();
}
// --- SHOW ---
public function test_show_invitation_by_token(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
]);
$response = $this->getJson("/api/v1/invitations/{$invitation->plainToken}");
$response->assertOk();
$response->assertJsonPath('data.organisation.name', $this->org->name);
}
public function test_show_expired_invitation_returns_status_expired(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->subDay(),
]);
$response = $this->getJson("/api/v1/invitations/{$invitation->plainToken}");
$response->assertOk();
$response->assertJsonPath('data.status', 'expired');
}
public function test_show_unknown_token_returns_404(): void
{
$response = $this->getJson('/api/v1/invitations/nonexistent-token');
$response->assertNotFound();
}
// --- ACCEPT ---
public function test_accept_with_new_account(): void
{
$invitation = UserInvitation::factory()->create([
'email' => 'newuser@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->plainToken}/accept", [
'first_name' => 'New',
'last_name' => 'User',
'password' => 'Password123',
'password_confirmation' => 'Password123',
]);
$response->assertOk();
$response->assertJsonStructure(['data' => ['user' => ['id', 'first_name', 'last_name', 'full_name', 'email']]]);
// Token must NOT be in response body (set via httpOnly cookie)
$this->assertArrayNotHasKey('token', $response->json('data'));
$this->assertDatabaseHas('users', ['email' => 'newuser@test.nl']);
$this->assertDatabaseHas('organisation_user', [
'organisation_id' => $this->org->id,
'role' => $invitation->role,
]);
$this->assertDatabaseHas('user_invitations', [
'id' => $invitation->id,
'status' => 'accepted',
]);
}
public function test_accept_with_existing_account(): void
{
$existingUser = User::factory()->create(['email' => 'existing@test.nl']);
$invitation = UserInvitation::factory()->create([
'email' => 'existing@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->plainToken}/accept");
$response->assertOk();
$response->assertJsonStructure(['data' => ['user']]);
// Token must NOT be in response body (set via httpOnly cookie)
$this->assertArrayNotHasKey('token', $response->json('data'));
$this->assertDatabaseHas('organisation_user', [
'user_id' => $existingUser->id,
'organisation_id' => $this->org->id,
]);
}
public function test_accept_expired_invitation_returns_422(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->subDay(),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->plainToken}/accept", [
'first_name' => 'Test',
'last_name' => 'User',
'password' => 'Password123',
'password_confirmation' => 'Password123',
]);
$response->assertUnprocessable();
}
public function test_accept_already_accepted_invitation_returns_422(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'accepted',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->plainToken}/accept", [
'first_name' => 'Test',
'last_name' => 'User',
'password' => 'Password123',
'password_confirmation' => 'Password123',
]);
$response->assertUnprocessable();
}
// --- REVOKE ---
public function test_org_admin_can_revoke_invitation(): void
{
Sanctum::actingAs($this->orgAdmin);
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
]);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/invitations/{$invitation->id}"
);
$response->assertNoContent();
$this->assertDatabaseHas('user_invitations', [
'id' => $invitation->id,
'status' => 'expired',
]);
}
public function test_org_member_cannot_revoke_invitation(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($member);
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
]);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/invitations/{$invitation->id}"
);
$response->assertForbidden();
}
public function test_unauthenticated_cannot_invite(): void
{
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'test@test.nl',
'role' => 'org_member',
]);
$response->assertUnauthorized();
}
}
Reference in New Issue View Git Blame Copy Permalink